summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 00b31fd)
raw | patch | inline | side by side (parent: 00b31fd)
| author | Arnie Reynoso <arnier@ti.com> | |
| Thu, 13 Mar 2014 21:08:00 +0000 (14:08 -0700) | ||
| committer | Chris Ring <cring@ti.com> | |
| Mon, 17 Mar 2014 19:38:49 +0000 (12:38 -0700) |
The strncpy length must be max number of characters - 1 bytes. The last
character will be the null termination thus shouldn't be copied. This
fix addresses a Coverity buffer overrun error.
character will be the null termination thus shouldn't be copied. This
fix addresses a Coverity buffer overrun error.
| packages/ti/ipc/namesrv/NameServerRemoteRpmsg.c | patch | blob | history |
diff --git a/packages/ti/ipc/namesrv/NameServerRemoteRpmsg.c b/packages/ti/ipc/namesrv/NameServerRemoteRpmsg.c
index 9ec68390b491912cd5d558e80974526a4677fe6d..f412927997c9756497a294290c43ac73ccf33e14 100644 (file)
len = strlen(instanceName);
Assert_isTrue(len < MAXNAMEINCHAR, NameServerRemoteRpmsg_A_nameIsTooLong);
- strncpy((Char *)msg.instanceName, instanceName, MAXNAMEINCHAR);
+ strncpy((Char *)msg.instanceName, instanceName, MAXNAMEINCHAR - 1);
((Char *)msg.instanceName)[MAXNAMEINCHAR - 1] = '\0';
len = strlen(name);
Assert_isTrue(len < MAXNAMEINCHAR, NameServerRemoteRpmsg_A_nameIsTooLong);
- strncpy((Char *)msg.name, name, MAXNAMEINCHAR);
+ strncpy((Char *)msg.name, name, MAXNAMEINCHAR - 1);
((Char *)msg.name)[MAXNAMEINCHAR - 1] = '\0';
Log_print3(Diags_INFO, FXNN": Requesting from procId %d, %s:%s...\n",